Bybit raises decentralization questions as report reveals fund freezing mechanisms in blockchain networks

Bybit’s Lazarus Security Lab released a report on Wednesday, revealing that several blockchain networks have built-in mechanisms to freeze funds. Of 166 blockchain networks, 16 had built-in freezing capabilities, while another 19 could enable such features with minor protocol changes.

The security lab found that the freezing mechanisms include hardcoded logic in the blockchain code in BNB Chain and VeChain. They also included configuration file controls (such as Aptos and Sui), which are managed via validator or foundation settings. 

Security breaches drive most fund freezing incidents 

If a blockchain can freeze your funds, is it really decentralized?

A new report by Bybit’s Lazarus Security Lab exposes how 16 major blockchains can pause or block transactions at will.

A roundup: 👇

After analyzing 166 blockchains, researchers found that:

• 16 blockchains… pic.twitter.com/pKRvMA0ihi

— Cryptopolitan (@CPOfficialtx) November 12, 2025

On-chain contract execution on blockchains like HECO was observed to include freezing mechanisms. The blockchain also allows an admin address to add any address to its blacklist directly, with updates functioning immediately.

Bybit’s Lazarus Security Lab also found a flurry of incidents where blockchain networks froze funds. Cryptopolitan previously reported that Sui froze around $162 million in stolen assets after the Cestus hack in May 2025, resulting in losses of  $223 million in digital assets. 

The exchange disclosed that Aptos added support for TransactionFilter a month later, following the incident. The security lab noted that the blacklisting functions introduced functionality similar to that of the Sui blockchains, enabling transactions to be denied based on blacklisted addresses. 

The exchange revealed that BNB Chain used hardcoded blacklists to freeze a $570 million bridge security breach in October 2022. VeChain also froze funds in 2019 from a $6.6 million security incident involving VET tokens.

According to the Lazarus Security Lab, Cosmos’s modular account design may enable future fund-freezing interventions in blockchains. Bybit noted that such interventions demonstrate how fund freezing can serve as an emergency tool to protect users and mitigate damage in large-scale security attacks. Cosmos’s modular accounts get blocked from performing normal transactions because they serve specific internal protocol functions rather than general user activity.

According to the report, each module account keeps a list called blockedAddrs that includes all module accounts by default. The Lazarus Security Lab said the account aims to prevent users from accidentally sending digital assets to such accounts. It will also help stop module accounts from transferring funds out in the event of a security breach.

Bybit calls for clear and transparent safety mechanisms

Bybit’s Lazarus Security Lab disclosed that it built an AI-assisted detection framework to conduct the review. The firm said the framework helps scan codebases for modules enabling blacklisting, transaction filtering, or dynamic configuration updates. The lab later used human researchers to validate each case, ensuring accuracy.

The Lazarus Security Lab maintained that transparency around emergency intervention mechanisms should become a central part of blockchain governance. The lab urged projects to publicly disclose whether and how they can intervene in on-chain activity. 

“Blockchain was built on the principle of decentralization – yet our research shows that many networks are developing pragmatic safety mechanisms to respond quickly to threats. At Bybit, we believe transparency builds trust. Our goal is to encourage open dialogue and better governance across the industry.”

–David Zong, Head of Group Risk Control and Security at Bybit.

The study also acknowledged that clear and transparent safety mechanisms will help build lasting trust among users and institutions as crypto matures. Bybit argued that the ability to lock a user’s assets without their consent runs counter to the core principle of decentralization, as it reintroduces a central authority with control over funds.

Bybit disclosed that the core logic for protocol-level fund freezing is typically located in the tx_pool or the code of validators. The exchange also noted that blockchains within the same family tend to show similar characteristics, influenced by their overall design and programming languages.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.